Federal Communications Commission proposed stricter rules on how telco carriers should report data breaches

The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly.

Chairwoman Jessica Rosenworcel drafted a document outlining the new proposal to strengthen the FCC’s powers for disclosing breaches and leaks of “customer proprietary network information” to customers and federal agencies. The updated rules, published this week, would keep the FCC in line with other federal and state data breach laws, she said.

At the moment, companies have to wait seven business days before they can disclose a data breach to their customers. Under the new plan, the waiting period will be scrapped altogether so people can be notified sooner.

These rules don’t just apply in instances of malicious data breaches. If the new proposal is passed, carriers will also have to follow the same disclosure procedure for “inadvertent breaches,” in cases of human error. Finally, the FCC wants telcos to report these breaches to the FBI and the Secret Service as well.

“Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information. But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers,” Chairwoman Rosenworcel said in a statement [PDF].

“Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information. I look forward to having my colleagues join me in taking a fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”

Last year, T-Mobile US confirmed to The Register that “unauthorized access to some data occurred.” Some 100 million customers were believed to have been potentially affected by miscreants selling information like people’s names, addresses, social security numbers, and IMEI numbers on the dark web for six Bitcoin, worth around $280,000.

Mint Mobile was also hit by a data breach last year. A thief stole account information and ported people’s phone numbers to a different carrier. Other sensitive data like customers’ names, email addresses and passwords were also potentially accessed. ®